UCF STIG Viewer Logo

The system must block access to ports not being used by vCenter.


Finding ID Version Rule ID IA Controls Severity
VCENTER-000004 VCENTER-000004 VCENTER-000004_rule High
Militate against general attacks on the Windows system by blocking unneeded ports. A local firewall on the Windows system of vCenter, or a network firewall, can be used to block access to ports not specifically being used by vCenter.
VMware vCenter Server Security Technical Implementation Guide 2013-01-15


Check Text ( C-VCENTER-000004_chk )
This check is both site and installation specific.

Ask the SA for a list of all unblocked ports on the vCenter Server's Window system. Verify all unblocked ports are necessary and used. Example: a partial list of examples of where ports might be blocked: (636/TCP) if the vCenter will not be part of a linked-mode vCenter group; (1521/TCP) if the vCenter DB is not Oracle.

If there are any unused, unblocked ports on the vCenter Server's Window system, this is a finding.
Fix Text (F-VCENTER-000004_fix)
Determine what site-specific ports are required to support the Window system hosting the vCenter Server application. Determine the installation-specific ports that are required to support the vCenter Server application. Block all ports that are not required by either the Windows system and/or the vCenter Server.